Question

LF Forms User Sync error - An invalid dn syntax has been specified

asked on June 15, 2022

Hi,

We have LF Forms synching users once every 24 hours. We are a pure SAML environment, no Windows users or groups. However, during the LF Forms user sync, we get this error every time:

An error occurred when searching for groups in Active Directory our.domain.ca [LFF3022-InvalidLfdsADDomain]
Message: An invalid dn syntax has been specified.

No Active Directory group 'S-1-9-12246445-....' found. The system account the Laserfiche Forms Routing Service runs under must be assigned the "ReadMemberOf" right for User objects in order to get the groups information for the Windows users in the Active Directory domain to be able to synchronize the Windows users.
Function: GetUserDescendantsInAD
 

The service account that runs all LF services has full read access to our AD environment.

I've looked everywhere in LFDS, Forms and cannot for the life of me find where it's trying to sync an AD group. We only have SAML users and SAML groups. I've turned off all domain syncs from within LFDS as well. Any insight on how to solve these Windows Error log messages?

Thanks.

1 0

Replies

replied on January 23

Hello,

Wanted to provide some additional info. We had a similar error, but it just occurred for 4 user accounts. When those user accounts were added to an LF-Root AD group (providing a participant license), LFDS would not sync. When those accounts were removed from the Active Directory group, LFDS would sync without errors. Add even one of them back in and it would fail to sync with the "An invalid dn syntax has been specified" message. It turned out to be a backslash "\" in one of the name fields (example: CN=Smith\, John). When the \ was removed from the AD user account name field and they were re-added to the participant license AD group, LFDS was happy and synching again.

Hope this helps someone else.

Christine

3 0
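
As an added example (not part of the original thread and not Laserfiche code), a check that can be run over exported distinguished names to find entries like the one described in the reply above, where an RDN value carries a backslash escape. The sample DNs, the example.com domain and the function names are constructed for illustration; splitting follows the RFC 4514 string form.

```python
# Added example: the sample DNs below are constructed, not taken from any directory.
SAMPLE_DNS = [
    "CN=Jane Doe,OU=Staff,DC=example,DC=com",
    r"CN=Smith\, John,OU=Staff,DC=example,DC=com",   # form quoted in the reply
    r"CN=Smith\2C John,OU=Staff,DC=example,DC=com",  # same comma, hex-escaped
    "CN=Broken\\",                                    # dangling escape
]

def split_rdns(dn):
    """Split a DN string into RDNs on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash at end of DN")
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts

def check_dn(dn):
    """Return findings for one DN; an empty list means nothing to review."""
    try:
        rdns = split_rdns(dn)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr:
            findings.append(f"malformed RDN: {rdn!r}")
        elif "\\" in value:
            findings.append(f"escaped character in RDN: {rdn.strip()}")
    # What a consumer that splits on every comma, ignoring escapes, would see.
    stray = [p for p in dn.split(",") if "=" not in p]
    if stray:
        findings.append(f"escape-unaware split leaves fragments: {stray}")
    return findings

def review(dns):
    """Map each DN that needs attention to its findings."""
    return {dn: f for dn in dns if (f := check_dn(dn))}

if __name__ == "__main__":
    for dn, findings in review(SAMPLE_DNS).items():
        print(dn, *findings, sep="\n  - ")
```

Feeding it the members of the group used for license assignment narrows the review to the accounts whose names need a closer look before the next sync.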
replied on June 21, 2022

There may be something wrong with the accounts list the LFDS side returns to Forms. The Forms side will search Active Directory for the members of a Windows group if the group type of an account returned by LFDS is Windows Group. Please open a support case with your Solution Provider and provide the full event logs for synchronization, as well as screenshots of the user authentication configuration in Forms and the properties in LFDS for the groups added to the allowed list for Forms.

0 0
replied on August 24, 2022

Hello Patrick,

Was this error ever resolved?

I am seeing this with one of our customers as well.

Thanks,

Jeff Curtis

0 0
replied on August 24, 2022

We did not resolve it, no. We were going to contact our provider a bit later. It's not affecting anything from what we can see; it's just throwing the error every time Forms tries to sync with LFDS.

1 0
replied on August 24, 2022

Thanks Patrick

0 0